Author Topic: Hacking the HDO1k/HDO4k Rigol 12 bit scope  (Read 171951 times)

0 Members and 4 Guests are viewing this topic.

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #125 on: November 05, 2022, 06:30:41 pm »
Anybody who can't see that might want to make an appointment with the optician.

PS: There's a DS1000Z variant that is locked down - the one with the built-in AWG. They obviously decided not to let anybody have that for free, then repented with the MSO5000 and allowed it again.

This time, the way things were done it's not "the same way".

Regarding your pretty secure "DS1000Z variant": I've told you more than once that it's also fully "licensed". It's just not with riglol. It's with an upgraded version of rigup.

That doesn't deviate me from saying that this time it was a pretty bad implementation. Time will tell.
 

Online 2N3055

  • Super Contributor
  • ***
  • Posts: 6936
  • Country: hr
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #126 on: November 05, 2022, 06:35:43 pm »
PS: There's a DS1000Z variant that is locked down - the one with the built-in AWG. They obviously decided not to let anybody have that for free, then repented with the MSO5000 and allowed it again.

Well not exactly... You don't make distinction between ability to generate fully valid licenses and possibility of patching scope's application. And there is a difference: with full license generator, once you unlock scope it is practically not hacked but in same state as if it where "real" licenses. After that you keep applying updates and don't care.
With patched scope application, after every FW update, you need to patch that one again before it is "enabled". So every time you rely on few "gurus" to do that for the rest of users. If they don't patch it, you stay on old FW until someone does. And in next FW it might be better protected. 

Old DS1000Z had Riglol and you could create fully valid licenses and you were good forever.
With MSO5000, it needs new patch every FW update... This is same as with Keysight Infiniivision patch that is popular...
End result might be the same but one is much less effort..
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #127 on: November 05, 2022, 07:00:55 pm »
And let me add this thought:

I was trying to give my contribution in order to bring some "good things" regarding this new HDO but as things turned out, AlphaRne did a pretty fast and effective job.

The sloppiness of this security/licensing implementation makes me worry: once again, how can we be sure that the rest of the code doesn't have problems of such caliber? In my mind, what I saw here doesn't bring me any comfort in the coding.

Let's consider that it was management deciding that it was necessary to put the thing out the door in a rush... But, nonetheless, the code /features were all in there so it could have been rushed out properly - in the end they could insert the same key for everyone but it would have been done correctly.

Using some bytes of a key from an, already used/tested, ECC implementation in a AES-ECB algo shows that the guy had no clue of what he was doing.  And that there is no control over this.

What I saw in the MSO and RSA was well done. Of course, it was bypassed by a patch. It's even bypassed by a keygen but that's for another day... The brand that thinks it's protected can throw the first rock.
 
The following users thanked this post: thm_w

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #128 on: November 05, 2022, 07:55:26 pm »
Because the "sloppiness" is deliberate?

Are you powered by Duracell?
 
The following users thanked this post: egonotto, tautech

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #129 on: November 05, 2022, 08:01:18 pm »
Regarding your pretty secure "DS1000Z variant": I've told you more than once that it's also fully "licensed". It's just not with riglol. It's with an upgraded version of rigup.

It's not impossible but it's much more difficult, you need to open it up and extract the private internal key before you can use the keygen.
 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #130 on: November 05, 2022, 08:07:23 pm »
It's not impossible but it's much more difficult, you need to open it up and extract the private internal key before you can use the keygen.

How the heck do you think people accessed the HDO?
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 28766
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #131 on: November 05, 2022, 08:09:16 pm »
It's not impossible but it's much more difficult, you need to open it up and extract the private internal key before you can use the keygen.

How the heck do you think people accessed the HDO?
He hasn't any idea, he's powered by Duracell.  :-DD
Avid Rabid Hobbyist.
Siglent Youtube channel: https://www.youtube.com/@SiglentVideo/videos
 

Offline AlphaRne

  • Newbie
  • Posts: 8
  • Country: us
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #132 on: November 05, 2022, 08:14:01 pm »
AlphaRne,

This is my parsing of the FRAM that I have access:
...
Do you know what are the UInt16 fields in the Block2? Do you know if their data contents has any XXTEA encryption or other?

I didn't spend much more time decoding all the fields, but it doesn't seem to use any encryption, it just more or less copies
the config structures into the FRAM.
In your dump the number before DataSz is just the uncompressed size of the payload which is zlib compressed if the size is above 32.
And the first field after the address is actually 2 independent bytes with a 01 in the higher part if the data isn't compressed.
The other byte seems to be the the id of the service belonging to that data.
Further, the 3rd byte in the raw structure is hard coded as 0 in the firmware and I didn't look into the other fields ...

00000808  001C 0004 0109  DataSz: 003C BlockSz: 0040  [00000814-00000853]
0000089D  011A 00F0 001F  DataSz: 001F BlockSz: 001F  [000008A9-000008C7]


 
The following users thanked this post: tv84, zrq

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #133 on: November 05, 2022, 10:08:50 pm »
Refreshing the FRAM dump...

Code: [Select]
00000000  Block_0 CRC32: 530E7D6A  [00000008-0000008B]  CRC OK
00000004  Block_0  Size: 00000084 bytes
00000100  Block_1  Size: 000000B0 bytes  [00000100-000001AF]  CKSM OK
-------------------------------------------------------------
00000108  Option: 0000091D  CKSM OK
00000110  Option Size: 00000094 bytes  CKSM OK
00000118  Option CRC32: 06131D97  [0000011C-000001AF]  CRC OK
Key.data: brainpoolP256r1;04xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
-------------------------------------------------------------
00000800  Block_2 CRC32: 7BAF99DF  [00000808-00001143]  CRC OK
00000804  Block_2  Size: 0000093C bytes
-------------------------------------------------------------
00000808  1C 00 0004  UncompSz: 0109  CompSz: 003C TotSz: 0040  [00000814-00000853]  *****  1C  *****
    0100000001000000000000000000000001000000000000005A0000000000000032000000000000000A0000000000000079D1F008000000000000000000000000
    872E0FF7FFFFFFFF5A0000000000000032000000000000000A0000000000000080D1F008000000000000000000000000802E0FF7FFFFFFFF5A00000000000000
    32000000000000000A0000000000000080D1F008000000000000000000000000802E0FF7FFFFFFFF5A0000000000000032000000000000000A00000000000000
    80D1F008000000000000000000000000802E0FF7FFFFFFFF00000000C800000000000000200300000000000000000000000000000000000000000000000000E8
    030000000000000000
00000854  0B 00 0011  UncompSz: 002F  CompSz: 002F TotSz: 0030  [00000860-0000088F]  *****  Rigol Scope  *****
    00010000000001240B0000005269676F6C2053636F7065240E0000002F646174612F55736572446174610000000000
00000890  28 01 0001  UncompSz: 0001  CompSz: 0001 TotSz: 0001  [0000089C-0000089C]  *****  28  *****
    00
0000089D  1A 01 00F0  UncompSz: 001F  CompSz: 001F TotSz: 001F  [000008A9-000008C7]  *****  1A  *****
    00000000000000000000000032000000320000005000000001000132000000
000008C8  04 00 0002  UncompSz: 004C  CompSz: 0020 TotSz: 0020  [000008D4-000008F3]  *****  CH4  *****
    0080F0FA02000000000000000000000000000000000001000000000000000000000000000000000000000000000000030000002403000000434834000C000000
    000000000000000000000000
000008F4  03 00 0002  UncompSz: 004C  CompSz: 0020 TotSz: 0020  [00000900-0000091F]  *****  CH3  *****
    0080F0FA02000000000000000000000000000000000001000000000000000000000000000000000000000000000000030000002403000000434833000C000000
    000000000000000000000000
00000920  02 00 0002  UncompSz: 004C  CompSz: 0020 TotSz: 0020  [0000092C-0000094B]  *****  CH2  *****
    0080F0FA02000000000000000000000000000000000001000000000000000000000000000000000000000000000000030000002403000000434832000C000000
    000000000000000000000000
0000094C  01 00 0002  UncompSz: 0054  CompSz: 0021 TotSz: 0030  [00000958-00000987]  *****  CH1  *****
    0180F0FA020000000000000000000000000000000000010000000000000000000000000000000000000000000000000300000024030000004348310000000000
    010000000C000000000000000000000000000000
00000988  1C 00 0004  UncompSz: 0109  CompSz: 0037 TotSz: 0040  [00000994-000009D3]  *****  1C  *****
    0100000002000000000000000000000001000000000000005A0000000000000032000000000000000A0000000000000080D1F008000000000000000000000000
    802E0FF7FFFFFFFF5A0000000000000032000000000000000A0000000000000080D1F008000000000000000000000000802E0FF7FFFFFFFF5A00000000000000
    32000000000000000A0000000000000080D1F008000000000000000000000000802E0FF7FFFFFFFF5A0000000000000032000000000000000A00000000000000
    80D1F008000000000000000000000000802E0FF7FFFFFFFF00000000C800000000000000200300000000000000000000000000000000000000000000000000E8
    030000000000000000
000009D4  1D 00 0001  UncompSz: 0029  CompSz: 001F TotSz: 0020  [000009E0-000009FF]  *****  1D  *****
    00010000000100000004000000000000000000000200000000000000000100000000406352BFC60100
00000A00  1E 01 0002  UncompSz: 001F  CompSz: 001F TotSz: 001F  [00000A0C-00000A2A]  *****  1E  *****
    000100000000000000000000000000000000000000000000CA9A3B00000000
00000A2B  16 00 0001  UncompSz: 00B2  CompSz: 0040 TotSz: 0040  [00000A37-00000A76]  *****  REF 1-10  *****
    00000000000001000000000400000024040000005245463100000000030000002404000000524546320000000002000000240400000052454633000000000100
    00002404000000524546340000000000000000240400000052454635000000000400000024040000005245463600000000030000002404000000524546370000
    0000020000002404000000524546380000000001000000240400000052454639000000000000000024050000005245463130
00000A77  15 00 0003  UncompSz: 0078  CompSz: 0030 TotSz: 0030  [00000A83-00000AB2]  *****  15  *****
    0000000000000000010000000500000003000000C80000002003000040000000C0010000C80000002003000040000000C0010000C80000002003000040000000
    C001000000000000010000000100000001000000020000000100000040000000C0010000C001000040000000C0010000400000006564000D
00000AB3  2A 00 0006  UncompSz: 01B2  CompSz: 006E TotSz: 0070  [00000ABF-00000B2E]  *****  2A  *****
    00000000000000000000000000010000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000000000000
    00000000000000000000000001000000010001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100
    00000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100
    00000100000001000000010000000100000001000000000000008025000008000000000000000000000000000000000000010000000200000000010000000002
    000000000000000300000000010800000000CA9A3B0000000001010100000040420F0040420F0001000000320000003200000001000000004B00000002000000
    01010000000002000000030000000000000000040000000400000001000000010100000080969800000000000100000000000000010000000114000000C0C62D
    0000000000060000000101000000A08601000000000000000000010000000100000001000000020000000100000000389C1C
00000B2F  2B 00 0006  UncompSz: 0192  CompSz: 006C TotSz: 0070  [00000B3B-00000BAA]  *****  2B  *****
    00000000000000000000000000010000000000010000000000000000000000000000000000000000000000000100000001000100000001000000010000000100
    00000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100
    00000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100000000000000802500000800
    0000000000000000000000000000000000010000000200000000010000000002000000000000000300000000010800000000CA9A3B0000000001010100000040
    420F0040420F0001000000320000003200000001000000004B000000020000000101000000000200000003000000000000000004000000040000000100000001
    0100000080969800000000000100000000000000010000000114000000C0C62D0000000000060000000101000000A08601000000000000000000010000000100
    000001000000020000000100000000389C1C
00000BAB  2C 00 0006  UncompSz: 0192  CompSz: 006C TotSz: 0070  [00000BB7-00000C26]  *****  2C  *****
    00000000000000000000000000010000000000010000000000000000000000000000000000000000000000000100000001000100000001000000010000000100
    00000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100
    00000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100000000000000802500000800
    0000000000000000000000000000000000010000000200000000010000000002000000000000000300000000010800000000CA9A3B0000000001010100000040
    420F0040420F0001000000320000003200000001000000004B000000020000000101000000000200000003000000000000000004000000040000000100000001
    0100000080969800000000000100000000000000010000000114000000C0C62D0000000000060000000101000000A08601000000000000000000010000000100
    000001000000020000000100000000389C1C
00000C27  2D 00 0006  UncompSz: 0192  CompSz: 006C TotSz: 0070  [00000C33-00000CA2]  *****  2D  *****
    00000000000000000000000000010000000000010000000000000000000000000000000000000000000000000100000001000100000001000000010000000100
    00000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100
    00000100000001000000010000000100000001000000010000000100000001000000010000000100000001000000010000000100000000000000802500000800
    0000000000000000000000000000000000010000000200000000010000000002000000000000000300000000010800000000CA9A3B0000000001010100000040
    420F0040420F0001000000320000003200000001000000004B000000020000000101000000000200000003000000000000000004000000040000000100000001
    0100000080969800000000000100000000000000010000000114000000C0C62D0000000000060000000101000000A08601000000000000000000010000000100
    000001000000020000000100000000389C1C
00000CA3  11 00 0005  UncompSz: 00C8  CompSz: 0066 TotSz: 0070  [00000CAF-00000D1E]  *****  Math1  *****
    00000000000000000000000024050000004D617468310001010101010065CD1D0000000000C817A80400000000E40B540200000000000000000000000010A5D4
    E8000000005039278C04000000A0724E18090000000000000000000000A0724E18090000000057D3470100000000D2496B000000000005000000000000000500
    00000102010100000000000000000103000000000000000000000000000000000000000000000000000000000000000040420F0000000000FAFFFFFF00000000
    00000000FAFFFFFF
00000D1F  12 00 0005  UncompSz: 00C8  CompSz: 0066 TotSz: 0070  [00000D2B-00000D9A]  *****  Math2  *****
    00000000000000000000000024050000004D617468320001010101010065CD1D0000000000C817A80400000000E40B540200000000000000000000000010A5D4
    E8000000005039278C04000000A0724E18090000000000000000000000A0724E18090000000057D3470100000000D2496B000000000005000000000000000500
    00000102010100000000000000000103000000000000000000000000000000000000000000000000000000000000000040420F0000000000FAFFFFFF00000000
    00000000FAFFFFFF
00000D9B  13 00 0005  UncompSz: 00C8  CompSz: 0066 TotSz: 0070  [00000DA7-00000E16]  *****  Math3  *****
    00000000000000000000000024050000004D617468330001010101010065CD1D0000000000C817A80400000000E40B540200000000000000000000000010A5D4
    E8000000005039278C04000000A0724E18090000000000000000000000A0724E18090000000057D3470100000000D2496B000000000005000000000000000500
    00000102010100000000000000000103000000000000000000000000000000000000000000000000000000000000000040420F0000000000FAFFFFFF00000000
    00000000FAFFFFFF
00000E17  14 00 0005  UncompSz: 00C8  CompSz: 0066 TotSz: 0070  [00000E23-00000E92]  *****  Math4  *****
    00000000000000000000000024050000004D617468340001010101010065CD1D0000000000C817A80400000000E40B540200000000000000000000000010A5D4
    E8000000005039278C04000000A0724E18090000000000000000000000A0724E18090000000057D3470100000000D2496B000000000005000000000000000500
    00000102010100000000000000000103000000000000000000000000000000000000000000000000000000000000000040420F0000000000FAFFFFFF00000000
    00000000FAFFFFFF
00000E93  29 00 0003  UncompSz: 0552  CompSz: 00A1 TotSz: 00B0  [00000E9F-00000F4E]  *****  29  *****
    0100000000000000000000000000000000000000000000000000127A000000000000000000000000000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004E725300000000004E725300
    000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300
    000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300
    000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300
    000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E72530000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000000000000000000000000100000000000000010000000000000001000000009435770000000000
    CA9A3B00000000010000000000000001000000009435770000000000CA9A3B000000000100000000000000000000000000000001000000020000000200000002
    00000002000000020000000200000002000000020000000200000002000000020000000200000002000000020000000200000002000000020000000200000002
    00000002000000020000000000000002000000020000000200000002000000020000000200000002000000020000000200000002000000020000000200000002
    0000000200000002000000020000000200000002000000020000000200000002000000000000000100000001000000009435770000000000CA9A3B0000000001
    0000000000000000CA9A3B00000000010000000000000000000000009435770000000000CA9A3B00000000010000000000000000CA9A3B000000000000000001
    0000000100000001000000020000000000000000CA9A3B0000000000943577000000000000000000000000000000000000000000000000010000000200000000
    00000000CA9A3B0000000000943577000000000100000000CA9A3B00000000010000000000000000000000010000008025000000000000000000000007000000
    000000000000000000000000000000000000000000000000010000000200000000000000000000000000000000000000010000000000000000000000FFFFFFFF
    24080000005858585858585858010000000200000003000000000000000000000000000000000000000700000000CA9A3B000000002408000000585858585858
    5858080000000000000000000000000000000100000000000000000100000040420F0040420F0000000000000000000000000000000000000000000000000000
    000000000000000000320000003200000000000000000000000000000024080000005858585858585858240C0000005858582058585858585858580000000000
    00000000000000000000000000000000000000000000000100000080250000020000000000000000000000000000000000000000000000000000003200000001
    000000240800000058585858585858580000000001000000020000000300000000000000000000000000000004000000040000000000000000000000FFFF0000
    240400000058585858240400000058585858
00000F4F  2F 00 0011  UncompSz: 0049  CompSz: 0037 TotSz: 0040  [00000F5B-00000F9A]  *****  Network Config  *****
    240E0000003139322E3136382E3130302E3635240D0000003235352E3235352E3235352E30240D0000003139322E3136382E3130302E31240D0000003231372E
    32392E3134342E3635
00000F9B  0C 01 0001  UncompSz: 0015  CompSz: 0015 TotSz: 0015  [00000FA7-00000FBB]  *****  0C  *****
    000000000100000000000100010000000002000000
00000FBC  23 01 0003  UncompSz: 0008  CompSz: 0008 TotSz: 0008  [00000FC8-00000FCF]  *****  23  *****
    0100000164000000
00000FD0  2E 00 0010  UncompSz: 0034  CompSz: 0020 TotSz: 0020  [00000FDC-00000FFB]  *****  2E  *****
    0000010000000000000000000000E7030000180000000C000000000100CA9A3B0000000000000000000000000100000000000000
00000FFC  0E 00 0010  UncompSz: 0030  CompSz: 0023 TotSz: 0030  [00001008-00001037]  *****  0E  *****
    0001000080969800000000000000000000407A10F35A0000000000000100000000000000010000000A000000E8030000
00001038  1B 01 000D  UncompSz: 0010  CompSz: 0010 TotSz: 0010  [00001044-00001053]  *****  1B  *****
    00000000010000000000000007000000
00001054  19 00 0005  UncompSz: 01F6  CompSz: 0023 TotSz: 0030  [00001060-0000108F]  *****  19  *****
    00000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000
    00000000000000000000000000000000000000000000000000000000000000000000004E725300000000004E725300000000004E725300000000004E72530000
    0000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E72530000
    0000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E72530000
    0000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E725300000000004E72530000
    0000004E725300000000004E725300000000004E725300000000004E725300000000000000000000000000000000000000000000000000000000000000000000
    0000000000000000000000000000000000000100000000000000010000000000000001000000009435770000000000CA9A3B00000000
00001090  1F 00 0003  UncompSz: 0050  CompSz: 002E TotSz: 0030  [0000109C-000010CB]  *****  1F  *****
    00000000E8030000E8030000000000005A000000320000000A000000E0930400000000000000000000000000206CFBFFFFFFFFFF010000000000000001000000
    02000000000000000500000000000000
000010CC  3A 00 0003  UncompSz: 005F  CompSz: 002A TotSz: 0030  [000010D8-00001107]  *****  3A  *****
    000000000064000000000000000080E03779C3110002000000000100000000000000000000000000000000000000000000000000020000000000000001000000
    000000000A00000000000000000400000000010000000A0000006400000000
00001108  0A 00 0005  UncompSz: 005C  CompSz: 0026 TotSz: 0030  [00001114-00001143]  *****  0A  *****
    02000000000000000000000000000000000000000000009435770000000000000000000000000065CD1D00000000000000000000000002000000000000000002
    00000006000000010000000064000000000000000010A5D4E8000000
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #134 on: November 06, 2022, 03:47:00 am »
It's not impossible but it's much more difficult, you need to open it up and extract the private internal key before you can use the keygen.

How the heck do you think people accessed the HDO?

 :palm: :palm:

People are currently accessing the HDO like in Dave's video, I guess.

That doesn't necessarily mean the final hack will require opening it up though.

(Fingers crossed we won't need to install Android Studio though.  :scared: )
« Last Edit: November 06, 2022, 04:15:20 am by Fungus »
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #135 on: November 06, 2022, 03:53:57 am »
He hasn't any idea, he's powered by Duracell.  :-DD

I'm guessing you'll be stocking these new Rigol scopes, soon, right?  :-+

 

Online tv84

  • Super Contributor
  • ***
  • Posts: 3251
  • Country: pt
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #136 on: November 06, 2022, 10:03:42 am »
That doesn't necessarily mean the final hack will require opening it up though.

Sure, but that depends on the ammount of effort some guys here put into the matter. As in the case of your secure "DS1000Z variant", if there was still enough interest (and I'm not saying that you can't dump it via SCPI on an earlier FW) a solution would also appear.

Although, based on your assumptions, Rigol may soon start shipping stickers on the scopes with hacking/licensing instructions.  ;)
 
The following users thanked this post: egonotto

Online 2N3055

  • Super Contributor
  • ***
  • Posts: 6936
  • Country: hr
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #137 on: November 06, 2022, 11:29:06 am »
He hasn't any idea, he's powered by Duracell.  :-DD

I'm guessing you'll be stocking these new Rigol scopes, soon, right?  :-+

:-DD
Knowing Rob, probably not..
But we are waiting for you to start...  :popcorn:
 
The following users thanked this post: tautech, Martin72

Offline pmaster

  • Newbie
  • Posts: 8
  • Country: de
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #138 on: November 06, 2022, 07:43:30 pm »
Someone with adb access to the device: Could you maybe please post the output of

adb shell getprop

? (also possible as "getprop" from uart console)
Thanks!
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 28766
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #139 on: November 06, 2022, 07:47:58 pm »
He hasn't any idea, he's powered by Duracell.  :-DD

I'm guessing you'll won't be stocking these new Rigol scopes, soon, right?  :-+
FTFY
Avid Rabid Hobbyist.
Siglent Youtube channel: https://www.youtube.com/@SiglentVideo/videos
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #140 on: November 06, 2022, 08:45:37 pm »
He hasn't any idea, he's powered by Duracell.  :-DD
I'm guessing you'll won't be stocking these new Rigol scopes, soon, right?  :-+
FTFY

Just wondering why you're in every single Rigol thread, it's almost as if you're interested in selling them...
 

Online Martin72

  • Super Contributor
  • ***
  • Posts: 6084
  • Country: de
  • Testfield Technician
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #141 on: November 06, 2022, 10:06:19 pm »
And you selling all the brands... ;)

Offline EEVblog

  • Administrator
  • *****
  • Posts: 37947
  • Country: au
    • EEVblog
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #142 on: November 07, 2022, 12:37:21 am »
curious if adding a second ADC is possible on the 1k series. the power rails are off the shelf parts but the ADC itself...

Nope, it's a proprietary Rigol part. Or at least appears to be.
I think most people would be happy with the half sample limitation if you can hack everything else.
 
The following users thanked this post: egonotto

Online Martin72

  • Super Contributor
  • ***
  • Posts: 6084
  • Country: de
  • Testfield Technician
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #143 on: November 07, 2022, 12:58:20 am »
Exactly this.
Although there is nothing much to do for hackers, "officially".
Actually there are two types of enhancements avaible for the HDO1000.
Memory and bandwith, that´s all.



Offline EEVblog

  • Administrator
  • *****
  • Posts: 37947
  • Country: au
    • EEVblog
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #144 on: November 07, 2022, 04:32:06 am »
Exactly this.
Although there is nothing much to do for hackers, "officially".
Actually there are two types of enhancements avaible for the HDO1000.
Memory and bandwith, that´s all.

US$900 saving.
 
The following users thanked this post: egonotto

Offline bob808

  • Frequent Contributor
  • **
  • Posts: 281
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #145 on: November 07, 2022, 04:44:39 am »
Yeah the closest ADC I found in 88 pad package is AD9691, but it's a 14bit one and wrong pinout. And costs more than the HDO1000 scope.
 
The following users thanked this post: egonotto

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #146 on: November 07, 2022, 06:04:17 am »
I think most people would be happy with the half sample limitation if you can hack everything else.

Yep.

If I can hack the HDO1074 to a HDO1204 with all options then that's good enough.

I dunno if making it a HDO1404 is a good idea or not.

The ideal hack would be a HDO1404 which turns on the 200MHz bandwidth limit when you enable more than 2 channels. Not impossible to do, but patching the binary would be quite a feat...
« Last Edit: November 07, 2022, 06:15:26 am by Fungus »
 

Offline Fungus

  • Super Contributor
  • ***
  • Posts: 16801
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #147 on: November 07, 2022, 06:07:44 am »
Actually there are two types of enhancements avaible for the HDO1000.
Memory and bandwith, that´s all.

Does the HDO1000 have 500M memory on the PCB?
 

Offline tautech

  • Super Contributor
  • ***
  • Posts: 28766
  • Country: nz
  • Taupaki Technologies Ltd. Siglent Distributor NZ.
    • Taupaki Technologies Ltd.
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #148 on: November 07, 2022, 06:26:02 am »
Exactly this.
Although there is nothing much to do for hackers, "officially".
Actually there are two types of enhancements avaible for the HDO1000.
Memory and bandwith, that´s all.

US$900 saving.
Some of the current Siglent promo savings are 3x that.
Avid Rabid Hobbyist.
Siglent Youtube channel: https://www.youtube.com/@SiglentVideo/videos
 

Offline bob808

  • Frequent Contributor
  • **
  • Posts: 281
  • Country: 00
Re: Hacking the HDO1k/HDO4k Rigol 12 bit scope
« Reply #149 on: November 07, 2022, 07:12:49 am »
Does the HDO1000 have 500M memory on the PCB?

I think it has 2GB total for the fpga. It's marked D9SHG which is a 4Gb chip, and has 4 of them.
 
The following users thanked this post: egonotto


Share me

Digg  Facebook  SlashDot  Delicious  Technorati  Twitter  Google  Yahoo
Smf